Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save mdziekon/221bdb597cf32b46c50ffab96dbec08a to your computer and use it in GitHub Desktop.
Save mdziekon/221bdb597cf32b46c50ffab96dbec08a to your computer and use it in GitHub Desktop.
XPS 15 9570 - DualBoot with Encryption (Windows 10 with BitLocker + Ubuntu 18.04 with LVM on LUKS)
  • Based on https://askubuntu.com/a/293029/286776
  • Installation date: 15-09-2018
  • Additional notes based on my own experience
  • The process describes a completely fresh installation with a complete repartitioning, however it should work fine when Windows is already installed (eg. brand new machine with Windows preinstalled).
  • The process was conducted on Dell's XPS 15 9570 (2018) with specs:
    • CPU: i7-8750H
    • Screen: 4K with Touch
    • RAM: 16 GB (original) / 32 GB (manually upgraded)
    • Drive: 512 GB (SK Hynix PC401)
    • Windows 10 Pro license
    • BIOS version: 1.3.1
      • Suprisingly, Ubuntu's update manager supports BIOS updates out of the box
  • My installation did not require to disable TPM nor Secure Boot
  • My installation did not force me to recover Bitlocker after Ubuntu's installation
    • Some people report that it was needed in their case
    • See "Additional notes" for more info about GRUB & Booting into Windows

1. Preparation (using another computer with Ubuntu)

  1. Create Windows installation USB stick
    • Download .ISO file from Microsoft's webpage
    • Create bootable USB using WoeUSB
      • Ubuntu has an option to "restore" ISO images using Disks utility, but it does not work correctly (Windows installer asks for additional drivers)
      • I also had to compile WoeUSB because of some weird bug in the default Ubuntu's (PPA's) supplied package that would not let me finish the installation process
  2. Create Ubuntu installation USB stick
    • Download .ISO file from Ubuntu's webpage
    • Create bootable USB using "whatever"
  3. Go to BIOS (F2) and switch from SSD's "RAID mode" to "AHCI mode"

2. Install Windows

  1. Insert newly created bootable USB and start the installation process
  2. Re-partition your drive
    • My partitioning scheme (devices might have be labeled differently!):
      1. Boot drive for Linux: 1GB
        • /dev/nvme0n1p1
      2. Windows OS drive: ~75GB
        • /dev/nvme0n1p5
        • Will automatically create additional drives before the actual OS drive as soon as you create the first "regular" partition
      3. Windows data drive: ~100GB
        • /dev/nvme0n1p6
      4. Ubuntu LUKS drive: ~300GB
        • /dev/nvme0n1p7
        • Can be created later
  3. Install Windows on the "Windows OS drive"
  4. Boot to Windows after installation, install all updates
  5. Enable BitLocker on "Windows data drive" ("Windows OS drive" was already encrypted)
  6. Create recovery data for both Bitlocker-protected drives and store them somewhere (eg. additional USB)

3. Install Ubuntu

  1. Insert newly created bootable USB and start the installation process
  2. Create LUKS container on "Ubuntu LUKS drive" and "wipe it":
    • sudo cryptsetup luksFormat /dev/nvme0n1p7
    • sudo cryptsetup luksOpen /dev/nvme0n1p7 cryptdrive
    • sudo dd if=/dev/zero of=/dev/mapper/cryptdrive bs=16M
  3. Create LVM physical volume, a volume group & logical volumes:
    • Volumes are sized as follows:
      • OS drive: 60GB
      • Swap: 16GB
      • Home: rest
    • Commands:
      • sudo pvcreate /dev/mapper/cryptdrive
      • sudo vgcreate vglinux /dev/mapper/cryptdrive
      • sudo lvcreate -n root -L 60g vglinux
      • sudo lvcreate -n swap -L 16g vglinux
      • sudo lvcreate -n home -l 100%FREE vglinux
  4. Start the installation process using GUI:
    • Connect to WiFi network
    • Installation options:
      • Pick "minimal installation"
      • Pick "install updates during installation"
      • Pick "install 3rd party drivers" (no need to "reset Secure Boot password")
    • Pick "custom installation process" (the one which lets you repartition stuff)
      • Pick /dev/mapper/vglinux-root as ext4 FS & mount it to /
      • Pick /dev/mapper/vglinux-home as ext4 FS & mount it to /home
      • Pick /dev/mapper/vglinux-swap as swap
      • Pick /dev/nvm0n1p1 as ext4 FS & mount it to /boot
        • Without doing this, installation will fail when configuring GRUB
      • Pick "boot drive" (the select list at the bottom) and assign it to /dev/nvm0n1p1
    • Proceed with the installation
  5. After GUI installation completes, stay within the Live USB environment
  6. Check the UUID of the LUKS drive:
    • sudo blkid /dev/nvme0n1p7
    • Example output:
      • /dev/nvme0n1p7: UUID="abcdefgh-1234-5678-9012-abcdefghijklm" TYPE="crypto_LUKS"
  7. Mount root & boot drives and chroot into the main mount:
    • sudo mount /dev/mapper/vglinux-root /mnt
    • sudo mount /dev/nvme0n1p1 /mnt/boot
    • sudo mount --bind /dev /mnt/dev
    • sudo chroot /mnt
    • mount -t proc proc /proc
    • mount -t sysfs sys /sys
    • mount -t devpts devpts /dev/pts
  8. In chroot env, configure crypttab allowing to boot Ubuntu with Encryption unlocker
    • sudo nano /etc/crypttab:
      # <target name> <source device> <key file> <options>
      # options used:
      #     luks    - specifies that this is a LUKS encrypted device
      #     tries=0 - allows to re-enter password unlimited number of times
      #     discard - allows SSD TRIM command, WARNING: potential security risk (more: "man crypttab")
      #     loud    - display all warnings
      cryptdrive UUID=abcdefgh-1234-5678-9012-abcdefghijklm none luks,tries=0,discard,loud
      
    • update-initramfs -k all -c
  9. Reboot into Ubuntu

4. Ubuntu Tweaks

  1. Run some of the dell-xps-9570-ubuntu-respin tweaks:
  2. Additional packages (some might have been included in the Respin):
    • sudo apt-get install smbios-utils
  3. More Tips & Tricks related to Thermals:
  4. Enable right-mouse-click:
  5. Enable Yaru-dark in GNOME Shell:

Additional notes

  • Switching between OSes:
    • Ubuntu (GRUB) is the default boot option
    • Windows can be accessed using F12's boot option menu
      • It can also be accessed using GRUB's menu, however, then it prompts me to use the BitLocker's recovery key
      • Cancelling the recovery and using F12 -> Windows Boot Manager trick did not prompt to use recovery key again...
  • Both, when installing Ubuntu, and sometimes when rebooting installed Ubuntu, "poweroff" or "reboot" results in prolonged shutdown with locked up display.
    • Fixed with dell-xps-9570-ubuntu-respin tweak script
  • About BIOS upgrade:
    • An upgrade from 1.3.0 to 1.3.1 required to swap RAM sticks to the original ones again, because the machine would not boot with white & amber LED flashes (supposedly indicating "memory problem"). After booting just once with the original sticks, I've swapped to the 2x16GB sticks again without a problem.

Changelog

  • [2019.10.24]
    • Added link to an article related to enabling Yaru-dark in GNOME Shell (eg. notification center background adjustment, which by default is white).
@luispabon
Copy link

luispabon commented Aug 16, 2019

Thank you for this, I'm about to embark on a total nuke of my laptop and need dual-boot, and I also have my own needs in terms of partitions to have in linux.

I've managed to do a trial-install on virtualbox of windows and ubuntu using EFI. If someone stumbles upon this, it's all the same steps except for a few changes at the very beginning when you're partitioning (before windows install):

  • Ensure partition table is GPT (if you already have an efi windows installation, this will be the case already)
  • Create an additional partition for EFI. Make new 500MiB FAT32 partition on gparted (you might already have one already, if so skip). Apply changes. Right click on it > manage flags. Set "esp" (boot might auto-check itself too).

Then follow the guide (create your windows partitions, install windows, boot again into ubuntu live usb etc etc).

@flosse
Copy link

flosse commented Aug 31, 2019

Thanks for this guide!
I used it with an already installed windows system so my partitions where like this:

  • sda1 -> Windows (NTFS)
  • sda2 -> Windows (NTFS)
  • sda3 -> /boot EXT4
  • sda4 -> Crypt

So I had to install grub to /dev/sda directly (chroot + grub-install --force /dev/sda + dpkg-reconfigure grub-pc).

@Sigmundius
Copy link

Thank you very much for the effort of writing this! Very helpfull.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment